Government Requests Transparency Report

Fiscal Year 2015
(December 1, 2014 - November 30, 2015)

Adobe, like all hosted service providers, is required to disclose customer data when we receive valid legal process from a government agency with jurisdiction. In this – our second annual transparency report – we disclose information about all government requests seeking access to Adobe customer data that we received during our fiscal year 2015 (FY 2015), the services to which they relate, the country of origin, and how we responded. Every request we receive is carefully scrutinized by the Adobe Trust & Safety team to ensure law enforcement is entitled to the data they request with the type of process they have obtained, and is managed in accordance with our law enforcement response policies, which you will find here. Adobe’s FY 2014 transparency report is available here.

Government Requests By Service: During FY 2015, the majority of requests we received related to our Revel and Lightroom Mobile photo storage and sharing services (11 requests seeking data about 24 accounts) and to customer Adobe ID accounts or Adobe store transactions (14 requests about 26 accounts). The remaining requests we received sought information about customers of our Creative Cloud service (3 requests seeking data about 3 accounts), our Adobe Document Cloud and eSign services (2 requests seeking data about 3 accounts), our Adobe Community Forums (one request about one user account), our Fotolia service (one request about one user account), our Business Catalyst service (one request about one account), and our Digital Marketing Suite (one request about one user account). Some requests we received sought data about users with accounts on multiple Adobe services.

Government Requests By Country of Origin: All of the international government requests we received this year originated from Germany (10 requests about 19 accounts). This year, we made no disclosures in response to those requests because none adhered to Adobe policy requiring service of process on Adobe Systems Software Ireland Limited when seeking data about users outside of North America. As a result, all disclosures we made this year were in response to legal process received from U.S. federal or state authorities.

Some Additional Interesting Facts:

No Enterprise Customer Data Disclosed: Although we received one government request seeking access to enterprise customer data in FY 2015, we did not disclose any data in response to it. We notified the customer of the request.

No Customer Content Disclosed Without A Search Warrant: Adobe does not disclose customer content stored in our cloud services (such as photos, videos or documents) unless we receive a search warrant issued upon a showing of probable cause under relevant state or federal law. We received search warrants in all ten matters this year where we disclosed customer content.

No National Security Requests Received: As of the end of FY 2015, Adobe still has not received any form of national security process, such as a National Security Letter (NSL) or Foreign Intelligence Surveillance Act (FISA) order.

No Delaying Customer Notice Unless We Are Legally Obligated To Do So: As we did last year, we rejected a number of requests from governments to delay notice to our users because the requests were made informally. We only delay notice to our customers where we are legally obligated to do so (for example, when we receive a delayed notice order issued by a court). This year, we received 12 delayed notice orders.

No Backdoors: Adobe has not built ‘backdoors’ for any government – foreign or domestic – into our products or services. All government requests for user data need to come through the front door (i.e., by serving valid legal process upon the appropriate Adobe legal department). Adobe vigorously opposes legislation in the US and overseas that would in any way weaken the security of our products or our users’ privacy protections.